PretaGov Limited

Internal eForms from PretaGov

Replace your manual, paper-based processes with an eform, paperless workflow management system with PretaForm. Easily create intelligent business process applications like travel claims, leave requests, employee on-boarding etc. eForm functions include data capture, approvals, backend integration, business logic. Our low code platform empowers your team to digitise faster and cheaper.

Features

  • Low code platform means easy eform building for non-technical staff.
  • Supports through the web cloud coding for developers.
  • Simple to learn, drag and drop UI, requires little training.
  • Offers document automation and workflow management technology.
  • Provides intelligent behaviour based on the answers submitted.
  • Can be configured to allow multi-page eforms and business rules.
  • In-built alerts to review responses and reminders to participants.
  • Robust functionality for eform data capture.
  • Open API to support the delivery of software interoperability.

Benefits

  • Rapidly build and roll out digital services in-house at anytime.
  • Save money by automating manual paper based processes.
  • Your developers will be enablers rather than a bottleneck.
  • Produces cost savings across the organisation.
  • Works on any level system so no need to upgrade.
  • Complex proof, build any customised business process in-house.
  • DIY, no need to pay for expensive professional services.
  • Easy to prototype and modify to improve the service ongoing.
  • Accelerates digital transformation.
  • Spend your time on what matters, not our system.

Pricing

£6.75 to £25 per user per month

  • Education pricing available
  • Free trial available

Service documents

Framework

G-Cloud 11

Service ID

2 5 9 0 0 6 9 3 9 3 9 8 9 9 6

Contact

PretaGov Limited

Virginia Choy

020 8819 3863

virginia.choy@pretagov.co.uk

Service scope

Software add-on or extension
Yes, but can also be used as a standalone service
What software services is the service an extension to
PretaForm can be embedded into websites and intranets.
Cloud deployment model
Community cloud
Service constraints
PretaGov carries out planned maintenance and provide 7 days notice to clients of scheduled maintenance windows.
System requirements
Standard browsers such as Chrome, Microsoft Edge or Explorer, Firefox

User support

Email or online ticketing support
Email or online ticketing
Support response times
Priority 1 response within 1 hour
Priority 2 response within 4 hours
Priority 3 response within 7 hour

After hours priority 1 support is offered as an add-on service.
User can manage status and priority of support tickets
Yes
Online ticketing support accessibility
WCAG 2.1 AA or EN 301 549
Phone support
Yes
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
No
Onsite support
Yes, at extra cost
Support levels
PretaForm SaaS support includes:
- support with troubleshooting, problem-solving and software bugs
- A help desk system where issues can be submitted by email or phone.
- 24x7 after-hours support (as an upgrade option)
- Advice on custom work.
- 24x7 monitoring for outages with rapid rectification
- Upgrades of the PretaForm product.

PretaGov SaaS Maintenance Service
Under this service, your PretaGov cloud architecture will receive regular analysis, tuning, maintenance, check-ups and security software updates.

Support and maintenance costs are included with the PretaForm SaaS fee.
Support available to third parties
Yes

Onboarding and offboarding

Getting started
Staff can be trained to use PretaForm in a one to two day training session on-site. Attendees will be shown how to build the basic eform and then implement more technical requirements such as backend logins, reports, worklists, custom workflow, PDF generation, web-service calls and more.
Service documentation
Yes
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction
On request, PretaGov will package the data then provide it to the client.
End-of-contract process
PretaGov Software as a Service includes access to the software, government security standard fully managed hosting, support and maintenance. Additional costs include any professional services. There are no fees to terminate the contract, just one month's notice must be provided.

Using the service

Web browser interface
Yes
Supported browsers
  • Internet Explorer 7
  • Internet Explorer 8
  • Internet Explorer 9
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install
No
Designed for use on mobile devices
Yes
Differences between the mobile and desktop service
PretaForm comes with inbuilt responsive design so it is optimised for mobile devices and desktops. The mobile version will include all the features of a desktop version but re-sizes content including media like videos, etc and fix them according to the size of mobile device.
Service interface
Yes
Description of service interface
The service can be accessed via a web browser interface. Supported browsers are Internet Explorer 7 - 11, Microsoft Edge, Firefox, Chrome, Safari 9+ and Opera. The service has been designed to also be used on mobile devices.
Accessibility standards
WCAG 2.1 AA or EN 301 549
Accessibility testing
PretaGov SaaS products are build using the Plone open source CMS. Plone uses assistive technology like WAI-ARIA roles to the current best practices. It has been tested with users of assistive technology such as those with vision impairment.
API
Yes
What users can and can't do using the API
Users are able to make changes to the design and manipulate the stored form data using our API.

Each service can be copied as many times as they want so they can create sandbox instances for themselves.

Clients don’t need a separate UAT machine.
API documentation
Yes
API documentation formats
  • HTML
  • Other
API sandbox or test environment
Yes
Customisation available
Yes
Description of customisation
PretaForm is a low code platform that allows customisations for example it has a built-in theming engine which means the front end form's javascript and CSS can be transformed to make it look and feel like any desired design by the client through the web.

Our cloud coding features allows technical staff to implement custom business processes such as backend integration, complex validations, workflow etc without having to download software and deploy code.

PretaForm allows repetitive business processes such as backend integrations or complex workflow to be built by internal technical staff as point and click (code builders) macros. This makes non-technical form builders even more productive.

Scaling

Independence of resources
PretaForm is designed to automatically scale with increased hardware. Our cloud hosting supplier provides APIs to create new cloud services. This process is tied to usage monitoring and increases servers as needed. Similarly the servers can be switched off to scale down when demand drops.

PretaGov will actively monitor usage and performance. We increase capacity when necessary within the limitations of the hosting partner to ensure optimal performance. We also carry out regular maintenance activities to optimise performance.

Analytics

Service usage metrics
Yes
Metrics types
PretaForm has Google Analytics support built-in. This allows tracking the form filling process as a Google Analytics funnel to get statistics on success and visualisation of where users drop out of the form filling process.
Reporting types
Reports on request

Resellers

Supplier type
Not a reseller

Staff security

Staff security clearance
Conforms to BS7858:2012
Government security clearance
Up to Baseline Personnel Security Standard (BPSS)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
Yes
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least once a year
Penetration testing approach
‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
Protecting data at rest
Physical access control, complying with CSA CCM v3.0
Data sanitisation process
Yes
Data sanitisation type
Explicit overwriting of storage before reallocation
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach
Via API integration into backend systems.
Downloading of .CSV, PDF, XML, HL7 and other formats.
Data export formats
  • CSV
  • ODF
  • Other
Other data export formats
  • .CSV importable into Microsoft Excel
  • PDF
  • HL7
  • XML
  • Any other open format can be scripted.
Data import formats
  • CSV
  • ODF
  • Other
Other data import formats
  • JSON
  • Email
  • XML

Data-in-transit protection

Data protection between buyer and supplier networks
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

Guaranteed availability
We guarantee 99.95% availability.

Where PretaGov does not meet the same Service Level under the Service Level Agreement for each month in a consecutive six (6) month period, the Customer shall be entitled to treat such failure as a substantial breach for the purposes of compensation. Compensation is detailed in our service credit table.
Approach to resilience
This information is available on request.
Outage reporting
Customers will be notified by email.

Identity and authentication

User authentication needed
Yes
User authentication
  • Public key authentication (including by TLS client certificate)
  • Limited access network (for example PSN)
  • Dedicated link (for example VPN)
  • Username or password
Access restrictions in management interfaces and support channels
The PretaGov Cloud SaaS products are powered by the Plone CMS (www.plone.org) which provides fine-grained control over access and modification of the service.

Access to content includes the ability to define groups of users. Access rights and permissions can be granted to any combination of groups, individual users, as well as to Anonymous (not logged in) users of the site.

Plone CMS’s fine grained control allows administrators to provide restricted access to others in the organisation, through the use of roles and groups and folder specific roles.
Access restriction testing frequency
At least once a year
Management access authentication
  • Public key authentication (including by TLS client certificate)
  • Limited access network (for example PSN)
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

Access to user activity audit information
Users contact the support team to get audit information
How long user audit data is stored for
User-defined
Access to supplier activity audit information
Users contact the support team to get audit information
How long supplier audit data is stored for
User-defined
How long system logs are stored for
User-defined

Standards and certifications

ISO/IEC 27001 certification
No
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Other security certifications
No

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
No
Security governance approach
PretaGov has a strict and documented framework on how personnel, executives and staff work together to protect digital assets, ensure data loss prevention and protect the organisation's public reputation.

The Chief Technology Officer of PretaGov is responsible for security of the PretaGov cloud platforms.
Information security policies and processes
PretaGov maintains, and annually updates, a comprehensive Information Security Management System documentation, which details employee’s responsibilities toward all types of assets, management’s role, training, confidentiality of client data and acceptable use of resources, and more. All staff must review and sign this policy during on-boarding. Staff review our ISMS regularly.

PretaGov information security program for its SaaS Solutions depends at the highest level on policies governing various aspects of PretaGov SaaS Operations – including specialised policies and procedures governing practices such as incident response process, change management, and backups.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
PretaGov maintains and follows formal change management processes. All changes to the production environment (network, systems, platform, application, configuration, including physical changes such as equipment moves) are tracked and implemented by our technical team.

All deployments into production or change to the production environment (network, systems, platform, application, configuration, etc.) must be submitted to, reviewed and approved by the CTO prior to implementation.

Promotion of code from engineering into production is controlled by the change management process, and the SaaS Operations team manages all deployments into the production environment. Testing, other than deployment validation, is prohibited in the production environment.
Vulnerability management type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach
The PretaGov platform uses community open source software and stays up to date with vulnerability information for each part of the platform. The platform uses Plone at the application layer which has a history of minimal security vulnerabilities. When a vulnerability to Plone is discovered and a patch is made available, the fix is applied within 48 hours based on our SLA. Other critical vulnerabilities are patched within 14 days, important patches are applied within 30 days.

PretaGov tracks details of each security vulnerability so that it can schedule and then deploy fixes when they are made available.
Protective monitoring type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach
PretaGov uses server intrusion detection and security vulnerability scanning to detect and monitor suspicious activity. The servers are monitored at all times so that an audit trail of activity can be logged. Alerts are sent when suspicious activity or significant events are discovered.

PretaGov platforms include a monitoring system which collects data trending data around performance, errors, system usage etc. This detail is covered in our standard service level agreements. PretaGov responds within an hour to such incidents.
Incident management type
Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach
PretaGov has developed a robust Security Incident Response Process (“SIRP”) to address events related to PretaGov SaaS Solutions in an efficient and timely manner. The SIRP process describes how the team is deployed, documents the criteria for incident severity, defines the investigation and diagnosis workflow, details documentation and reporting requirements, and establishes contact information.

PretaGov monitors their servers 24 by 7 and notifications are sent to on-call staff if the monitoring solutions detect any issues with the platform. A support hotline, web and email ticketing system are in place to report issues. Reports are given on an hourly basis.

Secure development

Approach to secure software development best practice
Conforms to a recognised standard, but self-assessed

Public sector networks

Connection to public sector networks
Yes
Connected networks
Public Services Network (PSN)

Pricing

Price
£6.75 to £25 per user per month
Discount for educational organisations
Yes
Free trial available
Yes
Description of free trial
Trial users may try the full system for 2 weeks on request.

Service documents

Return to top ↑